Will Young wrote: > Glenn Faden wrote: >> Darren Reed wrote: >> >>> I don't know if what I'm really searching for is >>> PRIV_NET_FIREWALL or more. What I do know is that >>> PRIV_SYS_NET_CONFIG seems very wrong because of >>> the scope and nothing else in PRIV_NET_* seems >>> to be well suited to the task on my mind. >>> >> >> New privileges can be introduced, but we try to keep the name space >> flat. In other words, we don't want having one privilege to imply >> that you also have any others. Every required privilege should be >> explicit enabled. > Based on the description of the desired granularity I think the > typical model of using PRIV_SYS_NET_CONFIG (and/or PRIV_SYS_IP_CONFIG) > then modifying commands such as ipf to check more specific > authorizations works.
I must confess that I'm feeling quite alarmed at how many different actions are falling under PRIV_SYS_NET_CONFIG. It's like anyone with that privilege is the "network superuser", which kind of scares me. Which is why I'm asking "where are privileges going?" Does that one privilege really need to be reused amongst so many different programs/features? Darren
